14 2014 Issue 01 | Dell.com/powersolutions
Features
Unlocking business potential with seamless protection
Real-world security that frees enterprises to adopt disruptive technologies without
disrupting productivity — it’s the secret to success. Dell Security offers highly integrated
protection from the endpoint to the data center to the cloud.
By Dmitriy Ayrapetov, Jon Ramsey, Jackson Shaw and Sarah A. Williams
The world is becoming ever more
connected. Yet in many ways,
enterprise security remains
disconnected. Security tools,
processes, user profiles and information may
be separated in silos that leave dangerous
gaps in between. Hackers, fraudsters and other
threat actors are often determined to exploit
these disconnects.
An effective security solution must close the
gaps. Achieving this goal requires capabilities
in four interconnected areas: identity and
access management, network security, data
and endpoint security, and security services.
These capabilities reinforce each other, working
together for seamless protection. Solutions
in the Dell Security portfolio span these four
pillars to support a cohesive enterprise security
strategy that is designed to protect information
everywhere, in step with the business.
Identity and access management
The first pillar addresses the fact that not all
threats come from the outside.
One of your system administrators is
apparently using his privileges to access
material that he shouldn’t. You need to discover
what’s going on. And if you must terminate his
employment, you need to ensure that all
of his access accounts and privileges are
quickly removed as well.
Protecting against this type of threat
is the function of identity and access
management (IAM) solutions. IAM helps
ensure that people have the right access
to the right resources — and only those
resources — at the right time.
Delivering this access is essential for
enabling employees to work productively.
But at the same time, centralized IAM
is critical for controlling individual user
identities, governing user access rights and
maintaining visibility into privileged-user
actions. Recent events have shown that
entities from both the public and private
sectors must be vigilant in knowing the
activities of highly authorized users.
A comprehensive IAM solution
includes access governance, privileged
account management and identity
administration. (For more information,
see the sidebar, “8 steps toward robust
identity and access management.”)
Protecting critical information with user access controls
For access governance, Dell One Identity
solutions provide the visibility and control
necessary to understand what is in the
organization’s environment and who
has access to it. The solutions establish
a continuous process that helps ensure
individual employees have the right access
to do their job, but nothing more, and
empower business managers to properly
certify access.
Dell One Identity also enables
organizations to manage the entire lifecycle
of identities by automating account creation
with delegated rights, group memberships
and attributes to authorize users. It is designed
to reduce the complexity of common
administrative tasks, such as password
management, and simplify the management
of policies across complex UNIX®, Linux®
and Macintosh® environments.
Controlling and auditing elevated access
A secure process should be established for
requesting and issuing privileged credentials
for administrative account access,
with rights based on strong policy
and group membership within the
Microsoft® Active Directory® directory
service. Organizations can control and audit
administrative access in several ways, such
as performing keystroke logging, conducting
session audits and delegating granular
privileges for execution of specific commands.
Dell One Identity provides these
capabilities and minimizes the burden
imposed on IT by compliance demands,
helping improve compliance through
automation and reporting consolidation.
Dell One Identity also includes user activity
monitoring capabilities for discovering
vulnerabilities, addressing security policy
violations and preventing unauthorized
access to systems and data.
8 steps toward robust identity and access management
Dell has gleaned eight best practices to help enterprises improve their identity
management systems for heightened security, efficiency and compliance.
1. Define the organization’s employees, contractors, consultants and other
stakeholders who need to access company resources.
2. Implement a single, integrated system that provides end-to-end management of
employee identities throughout their lifecycle.
3. Provide knowledge and control of identities and permissions to business data
owners and custodians.
4. Enforce a request-and-approval workflow to manage and document change.
5. Automate user account provisioning to help reduce overhead, avoid errors and
improve consistency.
6. Create compliance rules for the identity management system to help the
organization comply with any industry or governmental regulations.
7. Check and recheck permissions to avoid security risks.
8. Manage roles instead of individuals.
For more details about these best practices, download the white paper,
“8 Best Practices for Identity and Access Management,” at qrs.ly/ca3u3is.
Network security
While IAM is primarily concerned with
internal security, the second pillar, network
security, protects against threats from
outside the enterprise.
You receive an email at work from a
school nurse saying that your child is sick
and the school isn’t able to reach your
spouse. The email contains an attachment
outlining the diagnosis of your child.
Naturally, you open it. The names of your
child, your spouse, the school and even the
school nurse are all accurate. But the story
is false — once you opened the attachment,
malware gained access to your device and
from there to the company network.
Network security works to thwart this
phishing activity and other types of external
attacks. It should also coordinate with an
organization’s IAM solution. In an optimal
scenario, the network security solution can
alert IAM software to be on the lookout
for someone on the network seeking
unauthorized access using a legitimate
employee account.
Protecting the perimeter with next-generation firewalls
An effective foundation for a secure
network is the Dell SonicWALL family
of next-generation firewalls. These
firewalls tightly integrate advanced
intrusion prevention, malware protection
and application control with real-time
visualization for comprehensive, connected
security. Access to applications can be
controlled based on multiple conditions
ranging from user identity and application
type to time of day and duration of use. (For
more information, see the sidebar, “Deep
packet inspection for network protection.”)
Additional security and connectivity
capabilities such as virtual private network
(VPN) protection and content filtering help
make SonicWALL Next-Generation Firewalls
a comprehensive solution. High-speed
inspection of traffic encrypted with Secure
Sockets Layer (SSL) is designed to prevent
malware and intrusions from coming through
encrypted connections. And to identify
and respond to the latest threats, cloud-
assisted anti-malware enables Dell firewalls
to quickly match malicious code against a
large, continuously updated database.
Delivering protection for mobility access and email
Dell SonicWALL solutions also are designed
to enhance employee productivity and
protect against threats through simple,
policy-enforced mobile access to mission-
critical data and applications. Dell SonicWALL
email security hardware and software help
ensure email is a safe productivity tool.
Moreover, management and reporting
capabilities are provided for optimizing
security and easing administration.
Data and endpoint security
The first two pillars of Dell Security are
about access, both internal and external.
The third pillar is about protecting the
data itself.
Using your legitimate credentials,
someone is trying to enter systems that you
would never access. If your organization
has an IAM solution, it will generate an
alert to flag the unusual activity. Even if the
attacker got through, your organization
would still be protected — because the
data is encrypted and can’t be read.
Deep packet inspection for network protection
Proprietary Dell Reassembly-Free Deep Packet Inspection (RFDPI) technology scans
against multiple application types and protocols to help ensure the enterprise network
is protected from internal and external attacks, as well as application vulnerabilities.
To deliver visibility and control, RFDPI is designed to scan traffic on every port, on
every protocol and in any direction, inspect every byte of a connection and examine
up to hundreds of thousands of simultaneous connections.
With these capabilities, RFDPI can categorize application traffic and protect
against threats at both the application and network layer.
Data protection presents several
challenges for today’s organizations. The
environment includes a variety of mobile
devices and operating systems, and
organizations are storing more data in
the cloud than ever before. Management
of encrypted devices can be difficult.
And regulatory compliance requires
organizations not only to protect data from
being stolen, but also to produce reports
proving that it is protected.
Safeguarding data with strong encryption
The Dell Data Protection | Encryption (DDP | E)
portfolio delivers a high level of protection
for desktops, laptops, mobile devices,
external media devices and end-user data
stored in public cloud services such as the
Dropbox®, Box and Microsoft® OneDrive
platforms. It also fills critical security gaps
and enables organizations to manage
Microsoft® BitLocker® software — all from
a single management console.
DDP | E software encryption uses an
innovative, data-centric approach that is
designed to protect data without disrupting
IT processes or end-user productivity. The
solution allows IT to easily enforce encryption
policies, whether the data resides on the
system drive, on external media or in the
cloud. (For more information, see the sidebar,
“Why data-centric encryption is the way to
go.”) For organizations needing a higher level
of security, Dell offers DDP | Hardware Crypto
Accelerator, which adds hardware-based
encryption with tamper-resistant protection
and identity-based authentication with
Federal Information Processing Standards
(FIPS) Publication (PUB) 140-2 Level 3
military-grade security.
Another challenge is that many users
routinely store and share files in public
cloud-based storage services. IT can lose
control over data security once files are in
these services. DDP | Cloud Edition gives IT
granular control to determine which users
can view the data, including shared files, as
well as which endpoints can be employed
to access the data.
Why data-centric encryption is the way to go
Data protection necessarily involves encryption on endpoint devices. However,
full disk encryption (FDE) can be difficult to manage. IT must decrypt and then
re-encrypt the device to perform maintenance, software updates, inventory and
other management tasks.
File and folder encryption differs from FDE in that only specific files and folders
are encrypted. This capability can deliver significant time and money savings.
However, many implementations of file and folder encryption leave security
holes, since they require the user to remember to save sensitive files into specific
encrypted folders.
Dell Data Protection | Encryption (DDP | E) overcomes these challenges by taking
a data-centric encryption approach that combines file-level encryption with policy-
based management:
• Encryption policies specify what should or should not be encrypted.
• Policies may be based on a number of criteria, such as user or group membership,
specific file types or even a specific application that generates sensitive data.
• The encryption works transparently in the background, without user intervention.
The DDP | E data-centric approach also uses multiple encryption keys. A
common key may be used to encrypt common system data. Individual, user-
specific encryption keys are used so that sensitive data specific to an individual is
accessible only by that person.
Keep it simple
Dell One Identity solutions are designed to simplify identity and access management needs. Watch the video on this web page to learn more about a simplified, unified approach to solving challenges such as privileged account management, data access governance and enterprise provisioning.
quest.com/identity-management
Locking down hardware
The first line of defense lies at the PC
level. Having the proper authentication
solutions in place can greatly bolster
protection against a security breach.
Included with Dell Precision, Dell Latitude
and Dell OptiPlex systems, DDP | Security
Tools (DDP | ST) is an end-to-end software
solution that supports Dell hardware
authentication options.
DDP | ST provides secure access control
using optional smart card and fingerprint
readers with FIPS PUB 201 certification or
an optional contactless smart card reader.
It also supports pre-OS login with self-
encrypting drives and single sign-on (SSO).
Administrators can use the centralized
DDP management console to remotely
manage user credentials, passwords,
encryption policies and multiple hardware
authentication methods.
For added protection, Dell ControlVault is
available on select Dell Precision and Latitude
systems. This secure hardware element
provides an isolated authentication processing
environment for matching biometric and
smart card credentials. Moreover, only Dell
offers FIPS PUB 140-2–certified Trusted
Platform Module (TPM), which ships with
Dell business laptops and tablets to help
ensure that the implementation meets the
highest standards for protection.
Meet the Counter Threat team
They are an elite unit with backgrounds
in private security, the military and
intelligence. They know where to look
for information that’s tucked away in
dim areas of the internet and hacker
communities. They can build an overall
picture from a thousand disparate
puzzle pieces of data. And when an
incident is identified, this team
swings into action to contain and
remove the threat.
They’re the Dell SecureWorks Counter
Threat Unit (CTU). For many large and
midsize companies, government agencies
and media outlets, CTU is the answer to
their security challenges.
Top security talent and techniques
Comprising some of the most highly
regarded security researchers in the world,
the CTU research team is frequently first
to market with the identification of new
exploit techniques. Using proprietary
technologies, they can identify threats in
advance, assess their severity and provide
recommendations for protecting against
them. Putting this knowledge to work is
the job of analysts at Dell’s seven Security
Operations Centers in the United States,
Europe and India.
When an incident is identified,
the CTU response team takes the
necessary steps to mitigate the threat
before damage is done. CTU forensic
investigators can determine the source
and full extent of a breach to contain
the incident and address the root cause,
and response team members work
hand-in-hand with a client’s team until
the issue is resolved.
Security services
With the first three pillars in place, there is one more
important security asset to consider: intelligence.
You’ve taken the right steps to protect your
organization all the way out to the edges of the
network. But you also need to be proactive about
new and emerging global threats. Are threat
actors already targeting your organization or its
executives? How can you prepare or take action?
Information and IT security services help
organizations of all sizes protect their IT assets,
comply with regulations, reduce security costs
and adapt incident response to meet threats.
Building relationships with managed security services
Delivering managed services is different
from delivering security products — it means
that Dell’s relationship with an organization is
just beginning when the technology is deployed.
Clients of Dell SecureWorks managed services
range from Fortune 100 companies with large
security teams to organizations with no full-
time security staff.
Some enterprises look to Dell SecureWorks
to back up their existing security staff, monitor
select devices, provide alerting if necessary and
enable reporting through a customer portal.
Other organizations depend on Dell SecureWorks
to actively manage their security environment:
configuration, deployment, monitoring and response,
including reports tailored for different internal
audiences. Dell SecureWorks also offers a wide range
of industry and government compliance solutions.
Consulting for security and risk assessment
The Dell SecureWorks security and risk consulting
team provides the expertise and analysis needed
to help organizations enhance their security
posture. The team works with enterprises to design
and implement their strategic security programs,
assess and test their defenses, and resolve critical
information security breaches. Security awareness
training solutions are available to raise employee
vigilance and meet compliance requirements, and
program development services help organizations
review and improve their information security
policies based on best practices.
Knowing the threat to better protect against it
Dell SecureWorks researchers and security
consultants are highly versed in the practices
and nuances of intelligence. This team applies its
research and intelligence capabilities to all aspects
of Dell SecureWorks operations, using tools that
go well beyond simple alerts and content searches
to include sophisticated relationship mapping and
advanced techniques for detecting malicious code.
With seven Security Operations Centers (SOCs)
worldwide, Dell SecureWorks also provides localized
incident-response personnel. (For more information,
see the sidebar, “Meet the Counter Threat team.”)
Moving from reactive to proactive to predictive
The Dell Security portfolio connects security
to infrastructure with protection embedded
natively into IT systems. It connects security to
information with proactive measures to gather,
analyze and report the data needed to guard
against malicious attacks. And it connects security
solutions together for protection that is no longer
siloed and enables organizations to respond
decisively if an incident occurs.
Based on the four pillars of enterprise
security — identity and access management,
network security, data and endpoint security,
and security services — this approach empowers
organizations to move from reactive to proactive
to predictive mode to counter evolving threats.
Dell also maintains a professional services staff
ready to work with organizations to determine
their business-specific and site-specific issues,
scope a solution to meet those requirements
and help evolve the solution as threats change.
Organizations can leverage the Dell team’s
deep insight gained from helping thousands of
customers deal with security issues. As a result,
Dell Security frees business and technology leaders
to pursue exciting new opportunities wherever the
business takes them, with the focus on innovation
rather than protecting their flanks.
On the hunt
The young man could pass for one of China’s prosperous new middle class. But he’s not just anyone — he’s a hacker named Zhang. Follow a Dell SecureWorks analyst as he investigates the twisted tracks of an active espionage campaign.
qrs.ly/sq3u3iq
Authors
Dmitriy Ayrapetov is director of
product management for network
security at Dell.
Jon Ramsey is executive director,
chief technology officer and Dell
Fellow with Dell SecureWorks.
Jackson Shaw is senior director of
product management for the Dell
Software Group.
Sarah A. Williams is director
of product management,
security software, for Dell End
User Computing.
Learn more
Dell Security:
Dell.com/security
Dell Data Protection solutions:
Dell.com/dataprotection
Dell, Dell Precision, ControlVault, Counter Threat Unit, Latitude, OptiPlex, Reassembly-Free Deep Packet Inspection and SecureWorks are trademarks of Dell Inc.